Anda di halaman 1dari 19

Australia and Cyber Warfare


Ian Dudgeon
A presentation to the

AIIA Queensland Branch

14 June 2011

What is Warfare ?
Hostilities, including the use of force, between states, states and non-states, two or more non-states Warfare involves both defence and offense

The end-game is political

What is Cyber Warfare?

Cyber warfare is warfare in cyberspace or the cyber domain Cyberspace comprises all global digital communities and information processing, storage and transfer infrastructures Cyber warfare activities encompass information in digital or electronic form, supporting IT systems (including both hardware & software), other supporting infrastructure, and the people who rely on, operate and maintain the ICT

Targets in Cyber Warfare

Capability and Will
to wage and sustain warfare Capability is largely physical
but includes the decision cycle

Will is largely psychological

but capability can play an important role

Both apply to military and civilian targets

Information Infrastructures
in the Information Society

Infrastructures within the cyber domain in and over which information is collected, processed, stored and transported. It includes the information itself and the people who process information & maintain systems. Three relevant information infrastructures *National Information Infrastructure (NII *Global Information Infrastructure (GII) *Defence Information Infrastructure (DII)

Information Infrastructures
in the Information Society

NII domestic information infrastructure that enables the critical infrastructures that underpin the functionality of our society e.g. telecommunications, financial services, transport systems, energy, water, media, essential government services. Includes the domestic part of the Internet. GII global collection of NIIs. Connectivity provides the global Internet.

DII tactical information infrastructures, and those Defence and private sector owned elements of the NII and GII Defence that enable all Defence operational, strategic and support functions.

Information Infrastructures
in the Information Society

The DII Some Characteristics

Some 90% of the DII, especially domestic strategic, but also some key operational communications e.g. satellites, are owned by the private sector Many other critical integrated support requirements are provided by the private sector e.g. manufacture of defence equipment , and logistic and maintenance services. It is evident, therefore, that much of Defence capability (e.g. communications, equipment manufacture, logistics and other services) is integrated & interdependent with & provided by the private sector and underpinned by the DII, NII and GII

Information Infrastructures
inInformation the Information Society Assurance (IA) The functionality of the NII, GII and DII relies on Information Assurance
*Availability *Integrity *Confidentiality (where appropriate) *Authentication

In wartime, we must defend Information Assurance across the Defence-related cyber domain from attack by adversaries, or other threats. In peacetime, we protect Information Assurance across the NII, GII and DII against exploitation by a potential adversary, and protect also against accident, criminals, cyber vandals, and other threats

Our adversarys Information Assurance is an offensive target for capability and will

Targets in Warfare
The NII, GII and DII are defensive and offensive targets in cyber warfare Robust Information Assurance, including cyber security, enhances functionality & capability Enhanced functionality & capability help maintain morale & will Compromised Information Assurance, including cyber security, negatively impacts on functionality & capability, and (especially with targeted psyops) on morale and will

The Networked ADF : C4ISREW

The ADF : Force 2030 will be fully networked in terms of combat capability and support functions, all enabled via the cyber domain. The importance of C4ISREW
command & control, computers & communications :C2+C2=C4 intelligence, reconnaissance, surveillance : ISR electronic warfare (EW)

In the cyber domain

ISREW provides situational awareness ISREW contributes to intelligence processing and knowledge ISREW also contributes to decision-making Command and Control(C2) advises decisions and enables manoeuvre Computers and Communications enable all of the above

The Networked ADF : Superiority

The networked ADF will enable superiority in information awareness of the operational environment knowledge & decision-making manoeuvre support via supply and logistics

The Decision Cycle & Superiority

Observe Action Decide
Observe = superior situational awareness of the operational environment Orient = superior knowledge & options about the operational environment Decide = superior decision making of operational action to take against an adversary Action = superior manouvreability to that of the adversary


For the ADF, high quality and robust Information Assurance (IA) across the cyber domain is a critical requirement for superiority Defensive measures to protect IA across the cyber domain (DII, NII and GII) are, therefore, critical. Any compromise of Information Assurance (IA) will have some impact on superiority. The greater the compromise the greater the impact. Offensive measures that target & impact on the IA of an adversary, and thus the functionlity and any potential superiority the adversary, are a priority

Cyber Warfare Targeting

What: hardware, software, power supply, people
How: destroy, disrupt, deny, degrade, deceive, exploit

Means: Kinetic explosive force Malware viruses, worms, trojans, logic bombs, botnets etc. Hacking exploit for intelligence, insert malware New Weapons include EW, Lasers, HPM, RF, other antisatellite

Offensive Cyber Warfare

Targeting capability through C4ISREW Computers - all processors at all levels: exploit for
intelligence, destroy/disrupt/deny hard ware and software Communications destroy, disrupt and deny some or all key systems in relevant strategic, operational or support areas Surveillance & Reconnaissance destroy/disrupt/deny access/deceive Intelligence destroy, disrupt or deceive (corrupt/alter) data, disrupt or deny access Command & Control destroy/disrupt computers or communications, deny,

Offensive Cyber Warfare

Targeting will by psychological means Disruption to society generally causes frustration, impacts on morale and shapes & influences attitudes, commitment, & can initiate the drive for political change Specific targeting that denies access to electronic media, information via internet, mobile phones, SMS, iPads, etc Exploit all information including social networking systems through internet (email messages, websites, blogs, twitter) SMS, TV, radio etc to project messages and facilitate influence

Advantages of Cyber Warfare

It can effectively complement other combat operations it is not a substitute for these Used pre-emptively, it may avoid other combat operations Very cheap compared to other weapons systems etc, therefore more accessible to less wealthy or technically advanced states and non-states Asymmetrical advantages Access to some targets otherwise not accessible Can place own troops in less danger Less collateral damage than use of conventional kinetic operations

But some legal and control considerations

Cyber Warfare ....... a Must-Have capability for any credible defence force in the 21st century. Its two key components are A high quality defensive capability A high quality offensive capability The start date has already passed